Hello, I have the following event in my app log on my Exchange 2003 server: Event Type: Success Audit Event Source: MSExchangeIS Mailbox Store Event Category: Logons Event ID: 1011 Date: 9/30/2010 Time: 6:31:12 PM User: N/A Computer: MAIL Description: NT AUTHORITY\SYSTEM logged on as /O=Site1/OU=SITENY/cn=Recipients/cn=JJONES on database "First Storage Group\Mailbox Store (MOMAIL)", using administrator privileges. Can provide some detail on this message? What would cause SYSTEM to log in in as this user with admin priv? Is there a scenario where this message is triggered by one of my Sys Admins accessing this persons mailbox? Thank you.

On Thu, 2 Dec 2010 17:52:29 +0000, NJAX wrote: >Event Type: Success Audit Event Source: MSExchangeIS Mailbox Store Event Category: Logons Event ID: 1011 Date: 9/30/2010 Time: 6:31:12 PM User: N/A Computer: MAIL Description: NT AUTHORITY\SYSTEM logged on as /O=Site1/OU=SITENY/cn=Recipients/cn=JJONES on database "First Storage Group\Mailbox Store (MOMAIL)", using administrator privileges. > >Can provide some detail on this message? What would cause SYSTEM to log in in as this user with admin priv? Is there a scenario where this message is triggered by one of my Sys Admins accessing this persons mailbox? Do you make "brick-level" backups? Do you have any Mailbox Manager activity? Any processes that access mailboxes (e.g. voice mail, fax, etc.) and run using the local system account? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hello, Do you make "brick-level" backups? No Do you have any Mailbox Manager activity? No Any processes that access mailboxes (e.g. voice mail, fax, etc.) and run using the local system account? No

This might be helpful ... It is NT AUTHORITY\SYSTEM which is using that mailbox .. and as Rich rightly pointed out it may be anything as he mentioned AV, Spamfilter some task ,,, You shoudl be able to get lots of such events.. and they are ignorable. If you are not getting many such events than you can increase diagnostics logging

On Fri, 3 Dec 2010 18:17:59 +0000, NJAX wrote: > > >Hello, Do you make "brick-level" backups? No Do you have any Mailbox Manager activity? No Any processes that access mailboxes (e.g. voice mail, fax, etc.) and run using the local system account? No Okay . . . what about background scans by your anti-virus software? You could try this and see if the logon times are about the wame within each database: Get-LogonStatistics | where {$_.windows2000account -like "*system"}|ft username,logontime,databasename -auto --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, This event is seen when diagnostics logging has been turned up (to maximum) on the MSEXCHANGEIS\PRIVATE Service on the LOGONS category, and no action is required for user. Just as mentioned by the article below. http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=6.5.6940.0&EvtID=1011&EvtSrc=MSExchangeIS+Mailbox+Store&LCID=1033 Best regards, SerenaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.